[jboss-cvs] JBossAS SVN: r74929 - projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/prototype.

Mon Jun 23 18:53:08 EDT 2008

Author: darran.lofthouse at jboss.com
Date: 2008-06-23 18:53:08 -0400 (Mon, 23 Jun 2008)
New Revision: 74929

Removed:
   projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/prototype/DecodeAction.java
Modified:
   projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/prototype/LdapExtLoginModule.java
Log:
Try a different one.

Deleted: projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/prototype/DecodeAction.java
===================================================================

--- projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/prototype/DecodeAction.java	2008-06-23 22:43:32 UTC (rev 74928)
+++ projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/prototype/DecodeAction.java	2008-06-23 22:53:08 UTC (rev 74929)
@@ -1,110 +0,0 @@
-/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
-package org.jboss.security.auth.spi;
-
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-
-import javax.crypto.Cipher;
-import javax.management.ObjectName;
-
-import org.jboss.security.config.SecurityConfiguration;
-
-/**
- * PriviledgedActions used by login modules for decoding passwords
- * 
- * @author Scott.Stark at jboss.org
- * @version $Revision$
- */
-class DecodeAction implements PrivilegedExceptionAction<Object>
-{
-   /** The permission required to access decode, decode64 */
-   private static final RuntimePermission decodePermission =
-      new RuntimePermission("org.jboss.security.auth.spi.DecodeAction.decode"); 
-   
-   String password;
-   ObjectName serviceName;
-
-   DecodeAction(String password, ObjectName serviceName)
-   {
-      this.password = password;
-      this.serviceName = serviceName;
-   }
-
-   /**
-    * 
-    * @return
-    * @throws Exception
-    */
-   public Object run() throws Exception
-   {  
-      // Invoke the decodeb64 op
-      byte[] secret = decode64(password);
-      // Convert to UTF-8 base char array
-      String secretPassword = new String(secret, "UTF-8");
-      return secretPassword.toCharArray();
-   }
-   
-   private byte[] decode64(String secret)
-   throws Exception
-   {
-     byte[] encoding = Util.fromb64(secret);
-     byte[] decode = decode(encoding);
-     return decode;
-   }
-   
-   /** Decrypt the secret using the cipherKey.
-   *
-   * @param secret - the encrypted secret to decrypt.
-   * @return the decrypted secret
-   * @throws Exception
-   */
-  private byte[] decode(byte[] secret)
-     throws Exception
-  {
-     SecurityManager sm = System.getSecurityManager();
-     if( sm != null )
-        sm.checkPermission(decodePermission);
-
-     Cipher cipher = Cipher.getInstance(SecurityConfiguration.getCipherAlgorithm());
-     cipher.init(Cipher.DECRYPT_MODE, SecurityConfiguration.getCipherKey(), 
-           SecurityConfiguration.getCipherSpec());
-     byte[] decode = cipher.doFinal(secret);
-     return decode;
-  }
-  
-   static char[] decode(String password, ObjectName serviceName)
-      throws Exception
-   {
-      DecodeAction action = new DecodeAction(password, serviceName);
-      try
-      {
-         char[] decode = (char[]) AccessController.doPrivileged(action);
-         return decode;
-      }
-      catch(PrivilegedActionException e)
-      {
-         throw e.getException();
-      }
-   }
-}

Modified: projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/prototype/LdapExtLoginModule.java
===================================================================
--- projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/prototype/LdapExtLoginModule.java	2008-06-23 22:43:32 UTC (rev 74928)
+++ projects/security/security-negotiation/trunk/jboss-negotiation/src/main/java/org/jboss/security/negotiation/prototype/LdapExtLoginModule.java	2008-06-23 22:53:08 UTC (rev 74929)
@@ -19,7 +19,7 @@
  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
-package org.jboss.security.auth.spi;
+package org.jboss.security.negotiation.prototype;
 
 import java.security.Principal;
 import java.security.acl.Group;
@@ -39,6 +39,7 @@
 import javax.security.auth.login.LoginException;
 
 import org.jboss.security.SimpleGroup;
+import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
 
 /**
  The org.jboss.security.auth.spi.LdapExtLoginModule, added in jboss-4.0.3, is an


